-
不受影响的程序版本

Microsoft SQL Server 2000 SP3

-
漏洞讨论

Microsoft SQL Server 2000 includes utilities called Database Consistency Checkers (DBCC). Several of these programs contain identical buffer overflows that, when exploited, could allow an attacker to execute arbitrary code with the privilege level of the SQL Server service account.

-
漏洞利用

The following exploit was provided by Cesar Cerrudo &lt;cesarc56@yahoo.com&gt;: